monolithic silc-server 1.0.4 deb released

Daniel Kahn Gillmor dkg-silc at fifthhorseman.net
Wed May 16 20:04:25 CEST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue 2007-05-15 22:50:08 -0400, Daniel Kahn Gillmor wrote:

> I've bumped along the monolithic debian packaging for silc-server, so
> that version 1.0.4 is released as a debian package.

I've just modified the package a little bit to remove the requirement
that the server's private key be mode 0600.  This requirement seems
like a bad idea to me: why should the silc server own the key that it
uses?  It should never need to modify it.  better to allow mode 0640
if the sysadmin wants it, so that the key can be owned by root but
readable by a special group that the silc-server user is a member of.

The packages are available, as always, at:

  http://lair.fifthhorseman.net/~dkg/src/silc/

Here's the change:

- --- silc-server-1.0.4.orig/apps/silcd/serverconfig.c
+++ silc-server-1.0.4/apps/silcd/serverconfig.c
@@ -619,10 +619,13 @@

     /*	Check the private key file permissions. */
     if ((stat(file_tmp, &st)) != -1) {
- -      if ((st.st_mode & 0777) != 0600) {
+      if ((st.st_mode & 0137) != 0000) {
+       /* The things we don't want are: user execute, group
+          write/execute, other anything.
+      	*/
        SILC_SERVER_LOG_ERROR(("Wrong permissions in private key "
                              "file \"%s\".  The permissions must be "
- -                             "0600.", file_tmp));
+ 		              "no more permissive than 0640.", file_tmp));
  	 return	SILC_CONFIG_ESILENT;
       }
     }


And here are the updated sha256sums:

ae4c6f2255b2e2fd4419d8b0a8ca24e5df569e8b27a452caa3495abca4f8482d  silc-server_1.0.4-2.diff.gz
8107a7b101b3b09310500a4e2734545fc7799ea6739582a94bc70d2d9564c8ee  silc-server_1.0.4-2.dsc
9224c6b35586552f3e7da17d159a549c85f6079a02b5ba218402793bafdc42c1  silc-server_1.0.4-2_i386.build
eaeebef19970b47f79cf3eb65d6ef0c3d356b742a1c58d7c9fb50d4e2a8e5663  silc-server_1.0.4-2_i386.changes
fdc7d5ef740e309b2c696f8cf209af326ed2b427765b163479cef1c5654e8496  silc-server_1.0.4-2_i386.deb
bc387bd340fae5a872214908678a57d8658e6bad452ec4599e296a33d6a7e876  silc-server_1.0.4.orig.tar.gz

If someone could update http://silcnet.org/software/download/server/,
i would appreciate it.

Regards,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>

iD8DBQFGS0eeiXTlFKVLY2URAmNyAKDfjnLRQdp4VAo0I8fjGs2Ax32/TgCfck4e
h0OaHwPIOvril4XJ0VBJhiI=
=p+LD
-----END PGP SIGNATURE-----

More information about the silc-devel mailing list